This invention relates generally to systems and methods for authenticating a cardholder when performing a financial transaction and, more particularly, to network-based systems and methods for authenticating an identity of a cardholder using a one-time password.
Financial transaction cards are widely used in the United States and elsewhere as a means to attract financial accounts to financial institutions and, in the case of credit cards, as a medium to create small loans and generate interest income for financial institutions.
The financial transaction card industry is subject to certain well-known problems. For example, in the credit card industry it is well known that at least some persons will engage in fraudulent activities through the theft of either a credit card or a credit card number. The utilization of financial transaction cards in online transactions exacerbates the risk of fraudulent activity. Financial transaction card companies have thus implemented increased security measures to reduce the instances of such fraudulent activity. These increased security measures utilize a standardized protocol for authenticating a user by communicating transaction information between computer devices and requiring a user to provide authentication credentials (e.g., a user name and/or password) in addition to a credit card number to complete a transaction with a merchant.
The proliferation of password-protected online services can make remembering which password corresponds to which service challenging. A user may attempt to solve this problem of password recall by using an easily remembered password and/or by using the same password for multiple services. As a result, the password used for authenticating the user in the context of a financial transaction may be relatively easily compromised. Furthermore, because a user's account information and password may change infrequently or not at all, once compromised, such information may be stored or distributed for subsequent and/or repeated fraudulent use.
Accordingly, a system and method are needed for authenticating the identity of a user in a financial transaction based on a dynamically generated, one-time password.